
CL Site Malware thread (fixed, please let us know if you see issues)

Old Nov 4, 2012 | 02:57 PM
  #1  
Briano7
Thread Starter
Driver School Candidate
 
Joined: Sep 2012
Posts: 37
Likes: 0
From: FL

I'm not sure where to post this but
Starting yesterday, the 3rd, when I sign on to Club Lexus Forum I get a popup warning from Norton Security saying:
Norton blocked an attack by:
EXPLOIT TOOLKIT
WEBSITE 33


Details:
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2012-11-04 17:30:28,High,An intrusion attempt by dnsserv.ssrsystems.com was blocked.,Blocked,No Action Required,Web Attack: Exploit Toolkit Website 33,No Action Required,No Action Required,"dnsserv.ssrsystems.com (213.179.207.140, 80)",dnsserv.ssrsystems.com/dhFJwR?leETD=31,"OWNER-PC (192.168.1.68, 51765)",213.179.207.140 (213.179.207.140),"TCP, www-http"
Network traffic from dnsserv.ssrsystems.com/dhFJwR?leETD=31 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME1\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.

Just thought you ought to know.
It's supposed to be nasty.
Old Nov 4, 2012 | 06:16 PM
  #2  
YeA 2jZ
Lexus Fanatic
20 Year Member
Photogenic
Photoriffic
Shutterbug
iTrader: (15)
 
Joined: Apr 2005
Posts: 5,251
Likes: 3
From: SC Land, FL
Getting a Trojan warning in main SC Forum

When I reload the main & SC300/400 forum page I keep getting a "warning detected" "trojan" warning from my AVG. It's only been happening today?

Last edited by YeA 2jZ; Nov 4, 2012 at 08:05 PM.
Old Nov 4, 2012 | 06:27 PM
  #3  
m1964
Intermediate
 
Joined: Feb 2012
Posts: 280
Likes: 6
From: NY
any one else got the message?

While browsing this forum, I got a message from my antivirus program saying it blocked an attack on my computer. It happened today, more than once, on both work laptop and home desktop, with different anti-virus software....
Old Nov 4, 2012 | 06:59 PM
  #4  
YeA 2jZ
Lexus Fanatic
20 Year Member
Photogenic
Photoriffic
Shutterbug
iTrader: (15)
 
Joined: Apr 2005
Posts: 5,251
Likes: 3
From: SC Land, FL

Old Nov 4, 2012 | 07:22 PM
  #5  
LexBob2
Lexus Champion
15 Year Member
Liked
Loved
Community Favorite
 
Joined: Aug 2006
Posts: 12,492
Likes: 251
From: Illinois

Originally Posted by m1964
While browsing this forum, I got a message from my antivirus program saying it blocked an attack on my computer. It happened today, more than once, on both work laptop and home desktop, with different anti-virus software....
I've been getting it regularly too.
Old Nov 4, 2012 | 07:43 PM
  #6  
RXSF
CL Community Team
15 Year Member
Photoriffic
Shutterbug
Community Builder
 
Joined: Aug 2006
Posts: 12,481
Likes: 198
From: San Francisco, CA

Interesting. I am going to move or create a link to the site problems subforum so that Dave can be aware of the problem if he isn't already.
Old Nov 4, 2012 | 07:46 PM
  #7  
GRPFAN
Pole Position
 
Joined: Nov 2011
Posts: 396
Likes: 1
From: Wisconsin

Originally Posted by RXSF
Interesting. I am going to move or create a link to the site problems subforum so that Dave can be aware of the problem if he isn't already.
I get a message that says "This site uses Java to view"
I ignore it and it's fine.
Old Nov 4, 2012 | 07:50 PM
  #8  
GRPFAN
Pole Position
 
Joined: Nov 2011
Posts: 396
Likes: 1
From: Wisconsin

Originally Posted by YeA 2jZ
When I reload the main SC300/400 forum page I keep getting a "warning detected" "trojan" warning from my AVG. It's only been happening today?
I'm atta here...
Old Nov 4, 2012 | 09:25 PM
  #9  
Supraman16
Advanced
iTrader: (5)
 
Joined: Apr 2001
Posts: 587
Likes: 42
From: Burbank, CA

I got infected from the FBI/Moneypak Malware virus this morning when I came to the clublexus forums. I managed to get rid of it by booting in Safe Mode and running MalwareBytes and then I got rid of Java to prevent it from getting into my computer. After that, I came back to ClubLexus and sure enough, you can tell there are some "data" (likely the virus again) that's trying to download into my computer. I think there is a virus tagged to clublexus.
Old Nov 4, 2012 | 09:50 PM
  #10  
DaveGS4
Administrator Emeritus
20 Year Member
Community Builder
Loved
Community Favorite
iTrader: (2)
 
Joined: Feb 2001
Posts: 31,944
Likes: 2,737
From: North Carolina

Thanks all, I've sent this along to the tech folks. I'm sure any additional details you can provide (was it the same page each time?) will be helpful as are screen shots like yea posted (thanks)

Merged similar threads

Last edited by DaveGS4; Nov 4, 2012 at 09:54 PM.
Old Nov 5, 2012 | 03:18 AM
  #11  
Briano7
Thread Starter
Driver School Candidate
 
Joined: Sep 2012
Posts: 37
Likes: 0
From: FL

I get the warning when I click the FORUMS button or the SPONSORS button.
Old Nov 5, 2012 | 04:43 AM
  #12  
TripleL
No Substitute
CL Folding 1,000,000
20 Year Member
Community Favorite
 
Joined: Nov 2005
Posts: 2,796
Likes: 51
From: RI

Same here noticed it started Sunday night.

Posting what I received, hope it helps.

Code:
 
239	11/4/2012 8:01:48 PM	Intrusion Prevention	Critical	Incoming	TCP	213.179.207.140	80	N/A	64006	N/A	\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE	26033	69582	Web Attack: Exploit Toolkit Website 33	dnsserv.ssrsystems.com/dhFJwR?leETD=31		1	11/4/2012 8:01:35 PM	11/4/2012 8:01:35 PM	[SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
240	11/4/2012 8:01:59 PM	Intrusion Prevention	Critical	Incoming	TCP	213.179.207.140	80	N/A	64167	N/A	\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE	26033	69582	Web Attack: Exploit Toolkit Website 33	dnsserv.ssrsystems.com/dhFJwR?leETD=31		1	11/4/2012 8:02:00 PM	11/4/2012 8:02:00 PM	[SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
241	11/4/2012 8:03:39 PM	Intrusion Prevention	Critical	Incoming	TCP	213.179.207.140	80	N/A	64249	N/A	\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE	26033	69582	Web Attack: Exploit Toolkit Website 33	moloko.net-transfer.info/dhFJwR?leETD=31	1	11/4/2012 8:03:28 PM	11/4/2012 8:03:28 PM	[SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
242	11/5/2012 7:26:15 AM	Intrusion Prevention	Critical	Incoming	TCP	213.179.207.140	80	N/A	49356	N/A	\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE	26033	69582	Web Attack: Exploit Toolkit Website 33	rokko.poundstone.co.uk/dhFJwR?leETD=31		2	11/5/2012 7:25:02 AM	11/5/2012 7:25:12 AM	[SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
243	11/5/2012 7:28:40 AM	Intrusion Prevention	Critical	Incoming	TCP	213.179.207.140	80	N/A	49395	N/A	\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE	26033	69582	Web Attack: Exploit Toolkit Website 33	rokko.poundstone.co.uk/dhFJwR?leETD=31		1	11/5/2012 7:27:37 AM	11/5/2012 7:27:37 AM	[SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
244	11/5/2012 7:34:54 AM	Intrusion Prevention	Critical	Incoming	TCP	213.179.207.140	80	N/A	49500	N/A	\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE	26033	69582	Web Attack: Exploit Toolkit Website 33	rokko.poundstone.co.uk/dhFJwR?leETD=31		1	11/5/2012 7:33:53 AM	11/5/2012 7:33:53 AM	[SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

Last edited by TripleL; Nov 5, 2012 at 05:04 AM.
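
The log posted above shows the same address and the same request path being blocked under several different hostnames, which is why a hostname blocklist alone keeps missing it. The following is an added example, not part of any post in this thread: it parses lines in that tab-separated layout and groups alerts by remote address and request so rotating hostnames stand out. The column positions are an assumption read off the lines as posted, and the sample rows are constructed with placeholder hosts and documentation-range addresses.

```python
import csv
import io
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed column positions, read off the log lines as posted in the thread.
COL_IP, COL_SIGNATURE, COL_URL = 6, 14, 15
SIG = "Web Attack: Exploit Toolkit Website 33"

def _row(n, when, ip, url):
    """Build one constructed log row in the posted tab-separated layout."""
    return "\t".join([str(n), when, "Intrusion Prevention", "Critical",
                      "Incoming", "TCP", ip, "80", "N/A", "50000", "N/A",
                      r"\PROGRAM FILES\BROWSER.EXE", "26033", "69582", SIG, url])

# Constructed sample data: hosts and addresses are placeholders.
SAMPLE_LOG = "\n".join([
    _row(1, "11/4/2012 8:01:48 PM", "203.0.113.10", "one.example.test/AbCdEf?k=31"),
    _row(2, "11/4/2012 8:01:59 PM", "203.0.113.10", "one.example.test/AbCdEf?k=31"),
    _row(3, "11/4/2012 8:03:39 PM", "203.0.113.10", "two.example.test/AbCdEf?k=31"),
    _row(4, "11/5/2012 7:26:15 AM", "203.0.113.10", "THREE.example.test/AbCdEf?k=31"),
    _row(5, "11/5/2012 7:28:40 AM", "198.51.100.7", "ads.example.test/banner.js"),
    "6\t11/5/2012 7:34:54 AM\tIntrusion Prevention",  # truncated line
])

def parse_alerts(text):
    """Return one dict per well-formed row; short rows are skipped."""
    alerts = []
    reader = csv.reader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for row in reader:
        if len(row) <= COL_URL:
            continue
        url = urlsplit("//" + row[COL_URL].strip())  # logged URLs have no scheme
        request = url.path + ("?" + url.query if url.query else "")
        alerts.append({"ip": row[COL_IP], "signature": row[COL_SIGNATURE],
                       "host": (url.hostname or "").lower(), "request": request})
    return alerts

def rotating_hosts(alerts, min_hosts=2):
    """Map (ip, request) to its hostnames when at least min_hosts were seen."""
    groups = defaultdict(set)
    for alert in alerts:
        if alert["host"]:
            groups[(alert["ip"], alert["request"])].add(alert["host"])
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_hosts}

if __name__ == "__main__":
    for (ip, request), hosts in rotating_hosts(parse_alerts(SAMPLE_LOG)).items():
        print(f"{ip} {request}: {', '.join(hosts)}")
```

The groups it reports are candidates for blocking by address and request pattern at the proxy or firewall, rather than by hostname.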
Old Nov 5, 2012 | 06:24 AM
  #13  
Robb M.
Internet Brands
15 Year Member
 
Joined: Mar 2010
Posts: 58
Likes: 106
From: ON

Are you all using IE?
Old Nov 5, 2012 | 07:26 AM
  #14  
neurocity
Not quite my tempo
20 Year Member
iTrader: (17)
 
Joined: Jan 2006
Posts: 9,941
Likes: 776
From: Chicago

I just got nailed, on iPad now while I run Malwarebytes to clean in safe mode.

Wtf!? I never get hit with stuff, first time in like ten years, on my work laptop no less. This was fast as hell too... Like I just clicked on the main forum page and then this just popped up. I can only imagine what's nailing everyone else.

Windows seven 64bit, Mozilla latest release. Norton.
Old Nov 5, 2012 | 08:27 AM
  #15  
Lil4X
Out of Warranty
20 Year Member
Photogenic
Photoriffic
Shutterbug
 
Joined: Aug 2001
Posts: 14,925
Likes: 13
From: Houston, Republic of Texas

Got the same Norton flags yesterday and today, CL has become unstable. I'm shutting down to run Malwarebytes too.


W/7, Firefox, Norton, on Comcast

All times are GMT -7.